November 8, 2019 | Security and Privacy Entrepreneurs

Venue: SABA Software

4120 Dublin Blvd. Amenity Hub

Dublin, CA 94568

The events was a tremendous success because of all of you. We look forward to seeing everyone in January. Have a safe and loving holiday season. 

• Chapter Mission + Brother and Sister Organizations and the Industry Mission – Guest ISC2 SV, ISSA, CSA, ISACA
• About your Board and Committee:
• About Our Breakfast Sponsors:

Responsibility in the Cyber/Cognitive Era

Chairman Of The Board at The Good Data Factory Security and Privacy Entrepreneurs Nov 8 2019

Session Description: Humanity is entering an exciting era where technological advancements have made it possible for us not only to change how information is processed but how information changes how we think and behave as conscientious independent and social actors. With these newfound powers comes the awesome responsibility, as creators and consumers, to properly reframe our mindsets, develop new skills and deploy modern tools that continue to serve humanity in harmony with our environment.

About your speaker: chairman of the board at the good data factory, recent CTO & VP of enterprise architecture at Sephora, Ali Bouhouch is a transformational technology executive with over 20 years of success in leading consulting, software and data engineering teams and delivering cutting-edge solutions in e-commerce, client experience, and advanced analytics. Ali has deep experience in leveraging emerging technologies like cloud, big data, in-memory, and cognitive computing to drive success throughout the customer journey in digital marketing and retail. Prior to joining Sephora, Ali was at grid dynamics where he led a globally distributed team serving the technology needs of leading retailers like Macy’s, kohls and American Eagle Outfitters. Before that Ali held leadership positions at Forrester, Tibco, and WIPRO. Ali has been a valuable member of the senior executive team at small silicon valley startups as well as global enterprises. Ali holds a bs degree in electrical engineering from San Diego state university and an MS Degree in computer science from Arizona State University.

About your speaker: Chairman Of The Board at The Good Data Factory, recent CTO & VP OF ENTERPRISE ARCHITECTURE AT SEPHORA, Ali Bouhouch is a transformational technology executive with over 20 years of success in leading consulting, software and data engineering teams and delivering cutting-edge solutions in e-Commerce, Client Experience, and Advanced Analytics. Ali has deep experience in leveraging emerging technologies like Cloud, Big Data, In-Memory and Cognitive Computing to drive success throughout the customer journey in digital marketing and retail.  Prior to joining Sephora, Ali was at Grid Dynamics where he led a globally distributed team serving the technology needs of leading retailers like Macy’s, Kohls and American Eagle Outfitters. Before that Ali held leadership positions at Forrester, TIBCO and WIPRO. Ali has been a valuable member of the senior executive team at small Silicon Valley startups as well as global enterprises.  Ali holds a BS degree in Electrical Engineering from San Diego State University and an MS degree in Computer Science from Arizona State University.

About The Good Data Factory: In a world drowning in data and starved for information and actionable insight, The Good Data Factory steps in to fill ever-increasing skills and capability gap. We serve as a strategic data science partner to our clients, from startups to large corporations, either having an in-house team of data analytics or not, and we help them to effectively shape their business strategies and create a sustainable competitive advantage in the digital and experience economy. Our team of Data Engineers and Data Scientists bring a disciplined approach to the treatment of data throughout the Data Science pipeline. They ensure data is available in a purpose-fit format and quality at every stage of the Data Science lifecycle without compromising the integrity of the original raw data corpus. Our Data Scientists are Mathematically grounded with PhDs and Post-Doctoral on-going research in Abstract and Applied Mathematics. They are skilled in multiple modeling approaches and capable of understanding a problem domain, characterize its dimensions of complexity, project it into the appropriate solution space to reduce complexity and surface latent or hidden attributes and patterns leading to simpler and better performing algorithms than the usual brute force approach. We are working with clients from varying industries including Retail, Digital Marketing, Banking, Insurance, and Energy. Give us your most challenging Data, Analytics or Data Science problem and let us show you a different way of solving it effectively and efficiently.

Doug Meier, National Director of Information Security & Data Governance

Slipping the Curve of Reality

Session Description: Session Description: Why you shouldn’t be building a security program – because you’re just going to do it the wrong way
Detail: Modern Security programs are built with the best of intentions, addressing immediate concerns and focusing on short-term tactical needs to protect and secure the business. While this all-too-common strategy produces positive benefits in the short-term and can establish a security ethic into the organizational mindset, it sacrifices long-term vision and scope. This commonly accepted, ad hoc approach is a major contributing factor in why the average tenure of a security professional is between 18 months and two years. We come in and solve some problems, but we tend to wear out our welcome and don’t stick around very long. There are reasons for this that we don’t like to consider. One is that security programs are too focused on issues du jour and not focused enough on the hard work of continually aligning security program objectives to the organization’s strategic objectives. Another reason is that we tend to believe our own hype — that is, cling to the tired security program dogmas of 10 and 20 years ago. Until we confront our own assumptions and failings, we will continue, as a profession,  to slip further behind the curve of reality. In this session, Doug identifies how we need to challenge fundamental assumptions and re-prioritize our efforts accordingly to contribute meaningfully and consistently to the success of the organization over time.
Your perception of what it takes to build a security program is probably incorrect

IAM Strategy

Session Description: Managing IAM in a startup world through automation

Appropriate Identity and Access Management in the corporate world is a critical function to ensure one’s security posture. You don’t need to spend millions to get it right! You don’t need to have resources dedicated to managing it!
This talk will focus on how through automation, crowdsourcing and simple processes, one can ensure your employees only have the access they need. For example:
– our quarterly employee access review takes 5 minutes.
– terminated employees loose access within 5 minutes of leaving the premisses.
– provisioning of new employees is mostly automated based on role mappings. You can do all this without breaking the bank and have time to focus on the bigger problems! At the end of the day, humans are humans… they are unreliable! If you have regulatory or compliance requirements around IAM, you have no choice: you need to automate.

About your speaker: “It all started with early e-commerce sites storing item prices client-side!
A tinkerer from an early age and the constant need to feed my curiosity have been critical skills to my Information Security career.
With strong technical skills that I keep current and some amount of business acumen, I realized early that my role was not to build mini Fort Knox everywhere I went but instead teach people new skills: I am an evangelist helping organizations understand enough about the risk dimension associated to security and privacy – just as we understand financial, brand or contractual/legal dimensions in our daily activities.
I am also an enforcer! Not the one that carries a weapon – instead, I keep us honest by providing a platform for self-policing. “

Private tables and appointments during afternoon sessions – sign-ups during open lunch – CPE’s for follow up

Eric Heitzman, Director of Business Development

About Your Speaker: Eric Heitzman, Director of Business Development
Eric helps Security Compass’s largest customers (in finance, technology, health, oil & gas) address Security, Privacy, and Compliance for software applications at scale. Eric is a career application security expert (security consulting, static analysis, and dynamic analysis).

About Security Compass: Security Compass is a software security company that offers professional advisory services, training, and SD Elements, a first-of-its-kind “policy to execution” platform. We help to eliminate security vulnerabilities in mission-critical applications so that regulatory and compliance standards are easily met.

Michelle Finneran Dennedy, Chief Executive Officer at DrumWave

Session Description: Data is a new asset class.  If data is– as we believe–  an element of community, culture,  and commerce, how does this relate to privacy and security? There is a way of looking at data as a society and technical community, where we can put data elements together into a system that focuses on humans as opposed to APIs or gear.  When we do look at data and the possibilities of data rather than purely technical elements, we start to protect these more comprehensive “systems” from unethical attackers, political attackers. When we think about data as an asset class, we can start to think more and differently about how data impacts our world.

About your speaker:  Michelle’s work has included a number of positions and side projects that all advance the respect for human information.  “we work to raise awareness and create tools that promote quality, integrity, respect and asset-level possibilities for information assets. I have a passion for building better technology that matters. I also work closely with families, executives, innovators and dreamers at all levels and in businesses & organizations at all stages to support the combination of policy, practice, and tools. “

About DrumWave: the data company for business people, data scientists, analysts, all types of students – and you. Powered by extreme data-value engineering and visualization, Drumwave solutions enable users to dynamically capture, combine, analyze, pack, price, sell and deliver data value for internal and external uses. Our diverse team of thinkers and doers – experts in data science, mathematics, analytics, biology, business management, design, telecommunications, education, advertising and print and television media-are committed to unlocking the value of data for monetization and intelligence. Learn more at http://www.drumwave.com

Basil Slides for ISC2 Fall Conference

Session Description: Blockchain is the most hyped technology in recent years. There is no industry that will not, allegedly, be disrupted or revolutionized by digital ledger technology, cryptocurrency, asset tokenization, or Smart Contracts. Cybersecurity and regulatory technology are no exception, but are there legitimate commercial applications? Is it just hype? Or is blockchain technology something that will actually be useful for information security professionals, and for governance, risk and compliance professionals?  What are the use cases? How do we get there from here?

About your speaker: Ron Herardian has a 20-year track record of success in enterprise software as a founder, investor, board member and advisor serving in multiple engineering, consulting and CxO roles. In his last role, Mr. Herardian was responsible for operations including DevOps and InfoSec, including SOC 2 and GDPR compliance.  Ron Herardian has a 20-year track record of success in enterprise software as a founder, investor, board member and advisor serving in multiple engineering, consulting and CxO roles. In his last role, Mr. Herardian was responsible for operations including DevOps and InfoSec, including SOC 2 and GDPR compliance. Mr. Herardian, who has worked for IBM Lotus, Cisco and Oracle in the past, is a graduate of Stanford University, a member of the Institute for Electrical and Electronic Engineers (IEEE) and a Senior Member of the Association of Computing Machinery (ACM). He is a speaker at conferences and events, as well as a published author who has co-authored a book and written many whitepapers and articles.

About Basil: Basil is a revolutionary new DevSecOps framework that prevents security and operational mistakes, as well as malicious insider actions; a secure middleware layer that performs code execution or data access on behalf of human or machine users. Users are defined, and security rules are stored on the blockchain. User actions are digitally signed, so that rule changes, approvals, and other actions are recorded on the blockchain. As a result, Basil creates a chain of integrity through the CI/CD pipeline.

Brave Cultures 4 keys

Session Description:

if you have a business culture that is not psychologically safe for all types of people, you have a culture of mistrust. In a culture of mistrust, people- especially marginalized people- will withhold information, avoid admitting mistakes, and be generally disengaged in ways that can dramatically reduce their efficacy. If disengaged employees are dealing with matters of Security and Privacy, a LOT can go wrong. Homogenous leadership leads to biases- many of them unconscious- that can cause your company to be susceptible to security breaches caused by social engineering. An essential element for creating a culture of trust and psychological safety is to ensure that the Leadership team is diverse and inclusive. 

Sponsors Welcome

 

Resources

Your friends and colleagues at (ISC)2 East Bay Chapter chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our presentations, and assisting in the overall quality management of each Conference, we acknowledge Dan Green, Ed Glover, Maura Jones, Rizwan Ashraf, Peter Chen, as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our chapter. Your support is greatly appreciated. Sincerely, Robin Basham, Conference Director and Chapter President.

• President Robin Basham
• Vice President  Istvan Berko
• Treasurer and Finance Director Gary Dylina
• Chapter Secretary Carmen Parrish
• Director Membership  Kerry Bryan
• Director Programs Dan Green
• Director Operations Rizwan Ashraf
• Director Technical Steven Lai
• Director Marketing & Communication Krishnan Thiruvengadam
• Director Cybersecurity Awareness Maura Jones
• Director of Education & Career Development Jing Zhang-Lee
• Conference Director Robin Basham

We’d like to especially thank Jason Hoffman and Rizwan Ashraf for arranging our sponsorship at Saba Software